SecMANO: Towards Network Functions Virtualization (NFV) based Security MANagement and Orchestration

Network Functions Virtualization (NFV) has recently emerged as one of the major technological driving forces that significantly accelerate the evolution of today's computer and communication networks. Despite the advantages of NFV, e.g., saving investment cost, optimizing resource consumption, improving operational efficiency, simplifying network service lifecycle management, lots of novel security threats and vulnerabilities will be introduced, thereby impeding its further development and deployment in practice. In this paper, we briefly report our threat analysis in the context of NFV, and identify the corresponding security requirements. The purpose is to establish a comprehensive threat taxonomy and provide a guideline to develop effective security countermeasures. Furthermore, a conceptual design framework for NFV based security management and service orchestration is presented, with an objective to dynamically and adaptively deploy and manage security functions on the demands of users and customers. A use case about NFV based access control is also developed, illustrating the feasibility and advantages of implementing NFV based security management and orchestration.